Daily Dothttp://www.dailydot.com/Daily Dot Articleen-usFri, 15 Feb 2013 22:44:38 +0000Facebook hit with "sophisticated" hackhttp://www.dailydot.com/news/facebook-hack-sophisticated-zero-day/<p><img src='//cdn0.dailydot.com/cache/0d/15/0d15e16d96e64faf65b54c4c8138d694.jpg'></p><p>
Facebook was hit with a &quot;sophisticated&quot; hacking attack in January that compromised the systems of a &quot;handful&quot; of engineers in an attempt to break into the site&#39;s servers.</p>
<p>
In an <a href="https://www.facebook.com/notes/facebook-security/protecting-people-on-facebook/10151249208250766">announcement</a> posted to its security blog earlier today, the company said it had found &quot;no evidence&quot; Facebook user data was compromised.</p>
<p>
The attack happened after Facebook employees visited the website for a mobile developer, which hackers had previously loaded with malware. The employees&#39; laptops were up-to-date with virus protection software, but that didn&#39;t matter. The hackers took advantage of a previously unknown Java vulnerability&mdash;what&#39;s known as a &quot;zero-day&quot; attack&mdash;to bypass the security software.</p>
<p>
</p>
<p>
Joe Sullivan, Facebook&#39;s chief of security, <a href="http://arstechnica.com/security/2013/02/facebook-computers-compromised-by-zero-day-java-exploit/">revealed</a> the details of the attack to Ars Technica earlier today:</p>
<blockquote>
<p>
An analysis of the activity of the malware showed that &#39;they were trying to move laterally into our production environment,&#39; Sullivan said. The attackers gained &#39;some limited visibility&quot; into production systems, but a forensic review found no evidence that data was exfiltrated from that. However, some of the information on the laptops themselves&mdash;&#39;what you typically find on an engineer&#39;s laptop,&#39; Sullivan said&mdash;was harvested by the hackers, including corporate data, e-mail, and some software code.&#39;</p>
</blockquote>
<p>
After discovering the hack, Facebook said it immediately reported it to Oracle, the company that owns Java, as well as law enforcement agencies. The blog post warned that the hackers likely infiltrated other targets, but it did not elaborate.</p>
<p>
Perhaps coincidentally, at the same time as hackers were trying to worm their way into Facebook servers, others had breached Twitter&#39;s defenses, gaining access to the data&mdash;including encrypted password information and login tokens&mdash;of <a href="http://www.dailydot.com/news/twitter-hacked-250000-accounts-password-reset/">250,000 users</a>. Other recent high-profile victims of hacking attacks include <a href="http://www.dailydot.com/news/new-york-times-chinese-hackers/"><em>The New York Times</em></a> and <em>The Washington Post</em>. In those cases, both the <em>Times</em> and the <em>Post</em> claimed agents of the Chinese government were behind the attacks.</p>
kevin@dailydot.com (Kevin Morris)Fri, 15 Feb 2013 22:44:38 +0000http://www.dailydot.com/news/facebook-hack-sophisticated-zero-day/NewsFacebook